mtd: phram: Add the kernel lock down check

The phram MTD driver may map any memory pages no matter whether it's reserved or whatever used for systems, which basically allows user bypassing the lock down. Add the check and abort the probe if the kernel is locked down for LOCKDOWN_DEV_MEM. Reported-by: Fabian Vogt <fvogt@suse.com> Suggested-by: Fabian Vogt <fvogt@suse.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
author: Takashi Iwai <tiwai@suse.de> 2024-11-14 16:44:41 +0100
committer: Miquel Raynal <miquel.raynal@bootlin.com> 2024-12-05 11:11:44 +0100
commit: b3c782868ecebd0c1661a6aa2bdc84cd3cbb1ef3 (patch)
tree: 94f169e99fa5e5af75500c459296b26bedee9bf0
parent: 78a56df609460e8e708cb4500d624dc8a3732cfa (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index b8bbc7ecbe95..fd9ec165e61a 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -30,6 +30,7 @@
 #include <linux/platform_device.h>
 #include <linux/of_address.h>
 #include <linux/of.h>
+#include <linux/security.h>
 
 struct phram_mtd_list {
 	struct mtd_info mtd;
@@ -410,6 +411,10 @@ static int __init init_phram(void)
 {
 	int ret;
 
+	ret = security_locked_down(LOCKDOWN_DEV_MEM);
+	if (ret)
+		return ret;
+
 	ret = platform_driver_register(&phram_driver);
 	if (ret)
 		return ret;
author	Takashi Iwai <tiwai@suse.de>	2024-11-14 16:44:41 +0100
committer	Miquel Raynal <miquel.raynal@bootlin.com>	2024-12-05 11:11:44 +0100
commit	b3c782868ecebd0c1661a6aa2bdc84cd3cbb1ef3 (patch)
tree	94f169e99fa5e5af75500c459296b26bedee9bf0
parent	78a56df609460e8e708cb4500d624dc8a3732cfa (diff)